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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

What is claimed is: 

1.-29. (Cancelled) 

30. (Currently Amended) An apparatus arr a ng e d — tef — r e c ei ving, . 
comprising : 

an authentication gateway operable to receive an access request in a 
telecommunication core network (CN) [[from]] through a wireless local access network- 
access server (WLAN-AS) in a wireless local access network (WLAN) from a user 
equipment (UE) of a user, the user being a subscriber of the telecommunication CN and 
being identified by a user's identifier included in the access request[[,]]; 

the apparatus hav i ng a m e ans for carry i ng authentication gateway operable to 
carry out an authentication procedure with the UE through the WLAN-AS in order to 
authenticate the user; and a m e ans for by computing at least one secret user's key (Kc) 
usable as cryptographic material; 

the apparatus further comprising: 

a means for deriving from the cryptographic material a user's shared key 
intended for single sign on (SSO) purposes for carrying out an authentication procedure 
between the authentication gateway and the UE through the WLAN-AS in order to 
authenticate the user : and 

a means for sending the user's shared key along with the user's identifier 
towards a SSO session manager serving a service network (SN) of a mobile network 
operator (MNO) (MNO-SN), wherein the SSO session manager is operable to manage 
a session record for a user accessing the service network through an access network; 
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the authentication gateway further being operable to receive a notification that an 
access session has been established, the notification triggering the sending of the 
user's shared key towards the SSO session manager; 

the authentication gateway being further operable to receiving a notification that 
a session at the access level has been terminated, and forwarding the termination 
notification towards the SSO session manager in order to inactivate a current master 
session for the user. 

31 . (Currently Amended) The apparatus of claim 30, further comprising means 
for b ei ng notif i ed that a s e ss i on at an acc e ss le v el of th e WLAN AS has b ee n 
e stab l ish e d, th i s not i f i cat i on tr i gg e r i ng th e s e nd i ng of th e us e r's shar e d k e y to a SSO 
s e ssion manag e r s e rv i ng th e MNQ SN. receiving a first user's shared key and a user's 
identifier from the core network for SSO authentication purposes, the first user's shared 
key obtainable during the authentication of the user bv the core network: 

means for creating a master session for the user that comprises the user's 
identifier and the received first user's shared keys and means for checking whether a 
second user's shared key derived at the user's eguipment matches the first user's 
shared key included in the master session for the user . 

32. (Currently Amended) The apparatus of claim 31 , further comprising means 
for be i ng not i f i od that a s e ssion at th e acc e ss l e v el of th e WLAN AS has b ee n 
terminat e d, and moans for forward i ng this not i f i cat i on to a SSO sess i on manag e r 
s e rving tho MNQ SN i n ord e r to i nact i vat e a curr e nt mast e r s e ss i on for th e us e r creating 
a service session to index a master session, in case of matching first and second user's 
shared keys, the service session being a token of a successful SSO user 
authentication . 

33. -45. (Canceled) 
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46. (Currently Amended) A user equipment (UE) usable by a user with a 
subscription in a telecommunication network , comprising: 

and arranged to acc e ss means for accessing a service network (SN) of a mobile 
network operator (MNO)(MNO-SN) through a wireless local access network (WI_AN)[[,]]; 
tho UE hav i ng 

means for carrying out an authentication procedure to authenticate the user with 
[[a]] an authentication gateway of a core network (CN), through [[the]] a WLAN access 
server (WLAN-AS) A wherein the authentication gateway is operable to receive 
notifications that an access session has been established and terminated: 

[[and]] 

means for computing at least one secret user's key usable as cryptographic 
material[[,]]i 

th o UE compr i s i ng: 

a means for deriving from the cryptographic material a user's shared key 
intended for single sign on (SSO) purposes; 

a repository for storing the user's shared key; and 

a means for confirming to [[a]] SSO session manager of the MNO-SN the user's 
shared key stored at the UE. 

47. (Previously Presented) The UE of claim 46, wherein the means for 
confirming the user's shared key to the session manager of the MNO-SN includes a 
means for downloading an SSO plug-in from, the session manager of the MNO-SN, the 
SSO plug-in operable to confirm the user's shared key. 

48. (Previously Presented) The UE of claim 46, wherein the means for 
confirming to a session manager of the MNO-SN the user's shared key includes a 
means for processing the user's shared key to obtain a key code to be transmitted to 
the session manager of the MNO-SN. 
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49. (Previously Presented) The UE of claim 46, further comprising means for 
receiving an SSO cookie from the session manager of the MNO-SN, the SSO cookie to 
be included in all further service requests from the UE as an SSO token. 



50.-58 (Canceled) 
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